Life is Good

As you know, Magento 1 has another 15-16 months of support, and this has thousands of eCommerce merchants “over the moon” with glee. In theory, they don’t have to do anything for several more months, and, if lucky, perhaps Adobe, Magento’s new owner, will push the deadline back again. Face it – there’s nothing we all like better than an excuse to do nothing. Doing nothing…what a relaxing and reassuring thought. And better yet, when you do nothing you spend nothing. Life is good. Or is it? Let’s take a closer look.

Or is it?

First of all, it’s highly unlikely that the end of life date for Magento 1 will be extended. Adobe honored Magento’s commitment to give 18 months’ notice to its customers of any end of life dates, but it is close to delirium to believe that they are going to do it again. That’s because even if the core Magento code is being supported, the underlying PHP code will not be. PHP 5.6 and PHP 7.0, the versions running virtually all Magento 1 instances, reached their end of life on December 31, 2018. Any and all websites (not only Magento, but other platforms such as WordPress) running these versions are at the mercy of unpatched security vulnerabilities, with consequences including but not limited to data corruption, data intrusion, ransomware, malware, denial of service attacks and, most ominously, exposure and theft of confidential customer information.

When one considers that 60% of all small businesses that are hacked fold up their tents within six months of the intrusion, the implications are not pleasant. So why aren’t more merchants paying attention? For one thing, the folks behind PHP development, aptly named The PHP Development Team, are just a consortium of developers, not a profit-making enterprise. As such, they only publish the results of their work to the at-large development community. As a result, it’s possible, even likely, that some Magento customers don’t even know what PHP is or that they’re running an obsolete, unsupported version. Danger lurks for these folks.

So what? Hackers will never find my site among the millions out there.

That sounds reasonable, but some disagree. Vehemently. That’s because hackers today can employ Web Crawlers (also known as Web Bots or Web Spiders) to scour the web to find specific technologies or applications. For example, a crawler can be programmed to look for sites using Magento 1 or an outdated version of PHP. Sooner or later, a crawler will find your site. Coupled with the fact that there are also tools to make it easier to hack into sites, the threat is real. Here is an interesting quote from a security expert:

“While many feel that they can ‘get away with’ running PHP 5 in 2019, the simplest way to describe this choice is: Negligent... anyone (who) finds themselves running PHP 5 after the end of the year, ask yourself: Do you feel lucky? Because I sure wouldn’t.” … Scott Arciszewski, CDO, Paragon Initiative Enterprises

Perhaps Mr. Arciszewski is being alarmist. But when you consider that between 11-20-2018 and 12-7-2018, three security patches were issued for PHP 5 just to fix “leaks” that exposed users to denial of service attacks, the termination of security updates after December 31, 2018, would seem to be a legitimate cause for alarm. And, as mentioned previously, hackers also have tools to make their jobs easier once they’ve identified a vulnerable website. Keeping them at bay is an ongoing process.

Using PHP upgrade tools

There are tools out there that claim to seamlessly upgrade your PHP 5 to PHP 7.2. In fact, Magento issues a patch to do just that. However, when counting on this as an easy and cheap shortcut there are some things to remember:

Any and all customizations will have to be re-written.

Extensions written in version 5 might not work in 7.2.

Those integrations you worked so hard to build (with your accounting system, for example) will also not be compatible.

All this work must be done on a development site, not your production site; if you don’t have one, you’ll have to get one.

Congratulations. You’ve most likely spent a lot of time and money, jeopardized your site’s performance and bought yourself a few months of “bliss” before you have to do it all over again by June of 2020, when Magento 1 itself goes off support.

What’s the best solution?

In plain language, stop screwing around! Get the tooth filled before you need a root canal. Rather than wasting hours and dollars on tools that may or may not solve the problem, and certainly rather than putting your eCommerce operation (as well as your livelihood) at risk, do what the current situation really requires: update your site to Magento 2.3. You’ll be on the latest version of PHP, version 7.3, and you’ll be able to easily apply security patches as they are released (which is whenever vulnerabilities are discovered). You’ll also have one of the best eCommerce platforms available today, Magento 2.3. It’s faster, more secure, more flexible, more scalable and better in every way than your Magento 1 site. And its search capabilities are greatly improved. A lot of development work and four years of refinement have gone into Magento 2, and it’s time you exploited its advantages. You’ll be happy, but your customers will be even happier.

Adeo Web

At Adeo Web, we’ve devoted a large part of our practice to doing Magento 2 migrations, and doing them as quickly, efficiently and economically as anyone in the industry. With close to two dozen migrations under our belt in just the last two years, our expertise is unsurpassed and our ability to exceed our clients’ expectations has become our trademark. We’ll do everything necessary to migrate your site in our own development environment; test, test and retest every step of the way; and, when it’s ready, plug in your new Magento 2 site without hassle or disruption of your business.

Call or email us today, and find out how we can make your eCommerce store one that customers will quickly put on the top of their “favorites” list, and hackers at the bottom of theirs.